undefined | Better HN

0 pointssneak10y ago0 comments

yes, but it's static public pages. it's a pretty big stretch. it's not like users are POSTing confidential data up to your site.

0 comments

jon-wood10y ago

You may well be hosting or linking to builds though, and if someone could replace a popular project's binary builds with one that'll compromise any machine its installed on that's a pretty big deal, especially if some of those machines are production servers.

j / k navigate · click thread line to collapse

0 pointssneak10y ago0 comments

yes, but it's static public pages. it's a pretty big stretch. it's not like users are POSTing confidential data up to your site.

0 comments

jon-wood10y ago

You may well be hosting or linking to builds though, and if someone could replace a popular project's binary builds with one that'll compromise any machine its installed on that's a pretty big deal, especially if some of those machines are production servers.

j / k navigate · click thread line to collapse